How Phishing Works
Spear phishing attacks can take months to organize, as hackers collect information about the victims through social media and the dark web, but they are also smarter and harder to spot. Last year, 57% of organizations worldwide experienced a successful phishing attack. About 60% of the victims lost important data to fraudsters, 18% suffered direct financial losses, and in 52% of cases, credentials or accounts were compromised.
So how do we recognize and prevent spear phishing?
Be Careful With What You Share on Social Media
In today’s reality, we all put a big part of our lives online. Still, it’s a good idea to keep sensitive information (such as your birthday or your vacation plans) within the friends-and-family circle.
Learn to Spot Potentially Dangerous Communications
- Never open suspicious links with no additional text; double-check with the sender.
- Look out for changes to the spelling of domain names and for webpage redirects.
- Executable attachments are a big red flag, but PDFs and MS Word documents may also contain malicious macros, so scan them with an antivirus first.
- If you get a call or email involving IRS checks or subpoenas out of the blue, reconfirm by calling the number listed on the sender’s official website.
Another Red Flag – Urgency
Few of us can make good decisions under stress. Fraudsters often exploit this by creating a false sense of urgency. If someone, even your boss, asks you for an URGENT money transfer – breathe in, breathe out, ask for confirmation.
Take Steps to Protect Your Company
If you are a CEO, organize security awareness training for your employees so they can learn to recognize different types of phishing. An antivirus alone is not enough to prevent targeted attacks, so also consider using a comprehensive anti-phishing solution.
Have you ever undergone security awareness training? Have any insights to share?